Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

sutck on "Loading Files" on reboot


  • Please log in to reply
3 replies to this topic

#1 mr roman

mr roman

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:CT / Puerto Rico
  • Local time:10:17 AM

Posted 17 January 2012 - 01:40 PM

It is possible that I may be infected with malware but for now my only concern is getting into safe-mode.
I was doing some web development work when all of a sudden a spyware program popped up saying one of my hdd's was corrupted and needed to be scanned. I simply shut off my computer by going to start menu -> power off.

Upon restart I didn't hesitate to start pressing F8 to get into safe-mode and run a malware scan, but it went straight to the black-screen, saying "WIndows is Loading Files..." and the progress bar at the bottom doesn't move at all and that's where im stuck.

I could not find anything on google or here, I can boot up with a linux distro and Hirens Boot CD. In hiren's I can still access my windows HDD and my files are all intact. I ran chkdsk through the MiniXP and it said it fixed a few index's, rebooted.. nothing.

So i used the windows 7 install disc to get into repair mode, but it kept crashing so I switched my DVD drive to a newer one and it booted into the install disk. the start-up repair says attempting to fix disk errors but then it crashes saying "Startup Repair Offline". I ran another chkdsk through the command prompt to no avail. I just tried running sfc /scannow and it says there are pending repairs please reboot and try again.
Also, when I get the repair options window, at the top it says Operating System: Unknown on (Unknown) Local Disc but I can open notepad thru cmd and open a file dialog and my windows hdd is there intact at D:

Does anyone have any idea where to begin with this? I'm running windows 7 32bit, 2gb of ram, 320gb HDD. I also used Hirens to check the HDD for bad sectors using HDAT2 i believe it was. All of my cables are connected fine, there is no visible damage to my motherboard or any capacitors. I ran MemTest86+ and passed every test, even removed one ram tried again then with the other.

Edited by hamluis, 19 January 2012 - 07:24 AM.
Moved from Win 7 to Am i Infected.


BC AdBot (Login to Remove)

 


#2 hamluis

hamluis

    Moderator


  • Moderator
  • 56,396 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:09:17 AM

Posted 17 January 2012 - 03:11 PM

I would begin by dealing with the infection...since malware can impact anything from ability to boot to ongoing Windows operations...I would believe that deserves my initial, most important focus...before trying to deal with issues which currently may have their origin due to infection.

Louis

#3 mr roman

mr roman
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:CT / Puerto Rico
  • Local time:10:17 AM

Posted 18 January 2012 - 01:25 PM

Thank you for the reply. In repair mode, I was able to get SuperAntiSpyware to do a complete scan of my system (literally every file 4mb-/+ & inside zip, took 4+ hours) and it found nothing. I could not get HitmanPro to run as it requires a net connection, and Malwarebytes would not run under repair mode.

However, Using Hiren'sBootCD, I saw the option "Boot from hard-drive WinXP/Vista/7". I decided to give it a go and I was able to get to the "boot options menu" where I can select safe-mode, etc.. Well, now I get a blue screen of death when using any of those options. <_< (see attachment 2)

How come the option to "Boot From Hard-drive" from Hiren's actually gets me to the boot options by using F8 immediately after, but booting up normally will give me that problem where it gets stuck at "Loading files"?
I would appreciate any help or just pointers in the right direction, could this be caused by a damaged Master Boot Record?

EDIT 1:
some quick googling of '0x0000007b' found some good results, in particular these two links
http://pcsupport.about.com/od/findbyerrormessage/a/stop0x0000007b.htm

This article describes issues that can cause this Stop error including boot sector viruses and device driver issues or hardware issues.

http://support.microsoft.com/kb/324103

EDIT 2: after changing my SATA operating mode back to Native-IDE how it was before, I am now able to normally boot into my windows (from the hirens boot cd 'boot from hdd option' normal booting still doesn't work) but with a extreme amount of functionality disabled, the start menu only shows download, ctrl+alt+del doesn't show "task manager". I will now try to take care of this infection as suggested by Hamluis.

EDIT 3: After booting through Hiren's a few times.. did some scan with malwarebytes and hitmanpro. Found this

C:\$Recycle.Bin\S-1-5-21-2398226805-2317841884-600848533-1001\$RGY4GE5.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-2398226805-2317841884-600848533-1001\$R7W42PP.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-2398226805-2317841884-600848533-1001\$RA0XWZC\t603402098_7716[1].jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-2398226805-2317841884-600848533-1001\$RA0XWZC\sip-prime-check-badge._V238437133_[1].gif (Extension.Mismatch) -> Quarantined and deleted successfully.
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Quarantined and deleted successfully.
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Quarantined and deleted successfully.

After this most of the windows functionallity is back to normal... minus regular booting without Hiren's Boot CD.

and i went to MSConfig and under the boot tab there is no listing for my OS

Attached Files


Edited by mr roman, 18 January 2012 - 04:22 PM.


#4 mr roman

mr roman
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:CT / Puerto Rico
  • Local time:10:17 AM

Posted 19 January 2012 - 01:49 PM

After booting in safe-mode through hiren's boot cd, I used RKill then ran TDSSKiller and got this, Windows booted perfectly fine. There may be more so.. back to scanning lol.
sorry for the double post, and also typo on the topic title, i assure you i was stuck, not sutck.

Posted Image

Edited by mr roman, 19 January 2012 - 01:51 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users